github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Remove use of GNU extention strnlen().

Browse Source 
Fix CHANGES.
This commit is contained in:
brectanus 2007-05-16 19:37:27 +00:00
parent a68eb04884
commit b60f206976
2 changed files with 37 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CHANGES
View File

@ -1,5 +1,10 @@
?? ??? 2007 - 2.2.0-trunk ?? ??? 2007 - 2.2.0-trunk
-------------------------
* Removed strnlen() calls for non-GNU platforms.
11 May 2007 - 2.2.0-dev1
------------------------- -------------------------
* Add SecGeoLookupsDb, @geoLookups and GEO collection to support * Add SecGeoLookupsDb, @geoLookups and GEO collection to support
@ -18,10 +23,10 @@
* Added experimental variables RESPONSE_CONTENT_LENGTH, RESPONSE_CONTENT_TYPE, * Added experimental variables RESPONSE_CONTENT_LENGTH, RESPONSE_CONTENT_TYPE,
and RESPONSE_CONTENT_ENCODING. and RESPONSE_CONTENT_ENCODING.
* Added experimental support for content injection. Directive SecContentInjection * Added experimental support for content injection. Directive
(On|Off) controls whether injection is taking place. Actions "prepend" SecContentInjection (On|Off) controls whether injection is taking place.
and "append" inject content when executed. Do note that it is your Actions "prepend" and "append" inject content when executed. Do note that
responsibility to make sure the response is of the appropriate it is your responsibility to make sure the response is of the appropriate
content type (e.g. HTML, plain text, etc). content type (e.g. HTML, plain text, etc).
* Added string comparison operators with support for macro expansion: * Added string comparison operators with support for macro expansion:
@ -58,8 +63,8 @@
and/or counting operator in the debug log. and/or counting operator in the debug log.
05 Apr 2007 - 2.1.1-rc2 11 Apr 2007 - 2.1.1
----------------------- -------------------
* Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression * Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression
for the @rx operator and variables. for the @rx operator and variables.
@ -67,16 +72,12 @@
* Really set PCRE_DOTALL option when compiling the regular expression * Really set PCRE_DOTALL option when compiling the regular expression
for the @rx operator as the docs state. for the @rx operator as the docs state.
11 Mar 2007 - 2.1.1-rc1
-----------------------
* Fixed potential memory corruption when expanding macros. * Fixed potential memory corruption when expanding macros.
* Fixed error when a collection var was fetched in the same second as creation * Fixed error when a collection was retrieved from storage in the same second
by setting the rate to zero. as creation by setting the rate to zero.
* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms * Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms.
* Fixed the faulty REQUEST_FILENAME variable, which used to change * Fixed the faulty REQUEST_FILENAME variable, which used to change
the internal Apache structures by mistake. the internal Apache structures by mistake.

23
apache2/msc_geo.c
View File

@ -228,6 +228,23 @@ static int db_open(directory_config *dcfg, char **error_msg)
return 1; return 1;
} }
static int field_length(const char *field, int maxlen)
{
int i;
if (field == NULL) {
return 0;
}
for (i = 0; i < maxlen; i++) {
if (field[i] == '\0') {
break;
}
}
return i;
}
/** /**
* Initialise Geo data structure * Initialise Geo data structure
*/ */
@ -375,21 +392,21 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro
remaining -= rec_offset; remaining -= rec_offset;
/* Region */ /* Region */
field_len = strnlen((const char *)cbuf+rec_offset,remaining); field_len = field_length((const char *)cbuf+rec_offset, remaining);
msr_log(msr, 9, "GEO: region=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4)); msr_log(msr, 9, "GEO: region=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4));
georec->region = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining)); georec->region = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining));
rec_offset += field_len + 1; rec_offset += field_len + 1;
remaining -= field_len + 1; remaining -= field_len + 1;
/* City */ /* City */
field_len = strnlen((const char *)cbuf+rec_offset,remaining); field_len = field_length((const char *)cbuf+rec_offset, remaining);
msr_log(msr, 9, "GEO: city=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4)); msr_log(msr, 9, "GEO: city=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4));
georec->city = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining)); georec->city = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining));
rec_offset += field_len + 1; rec_offset += field_len + 1;
remaining -= field_len + 1; remaining -= field_len + 1;
/* Postal Code */ /* Postal Code */
field_len = strnlen((const char *)cbuf+rec_offset,remaining); field_len = field_length((const char *)cbuf+rec_offset, remaining);
msr_log(msr, 9, "GEO: postal_code=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4)); msr_log(msr, 9, "GEO: postal_code=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4));
georec->postal_code = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining)); georec->postal_code = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining));
rec_offset += field_len + 1; rec_offset += field_len + 1;